Net nie działa, miałam newdot~1

Monika-ka · 22 Czerwiec 2006 10:15

Witam. Wzorując si na podpowiedziach zawartych w pomocy, usunełam (a przynajmniej tak mi sie wydaje) probelm NewDot~1 - dinstalowałam go i usunełam. oczysciłam kmputer Cleaner`em, Ad-awarem, spy-bootem, a nawet nortonem, pandą… (oczywiście uprzednio kolejny odinstalując). wyszukało okropnie duzo błedów, luk. oczysciłam komputer ze zbednych programów, a mimo to nadal nie mam internetu i szczerze mówiąc nie bardzo wiem co zaznaczyć, a czego nie. komputer widzi modem, ale nie moze się połaczyć z internetem.

moze na podstawie tego ktoś mi pomoże

Logfile of HijackThis v1.99.1

Scan saved at 18:28:23, on 2006-06-21

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe

C:\PROGRA~1\TopText\wo.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

C:\PROGRA~1\INCRED~2\bin\IMApp.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\msnet\v9\msnet.EXE

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Documents and Settings\Konto Administratora\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-search.cgi?track=mssb1&look=sbar1_srchbtn

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-search.cgi?track=mssb1&look=sbar1_srchbtn

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.astercity.net/acc_ssl.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Media-Search] "C:\Program Files\msnet\v9\msnet.EXE" /H

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_6dda.dll"

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe"

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm

O9 - Extra button: Player! - {C377C94E-5A4F-11d3-940D-00001CD3D236} - C:\WINDOWS\System32\shdocvw.dll

O12 - Plugin for .pcg: C:\Program Files\Internet Explorer\Plugins\nppcgplg.dll

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://wilga.acn.pl/wilga/art/tdserver.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab

O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (Miniclip) - http://www.miniclip.com/toolbar/minicliptoolbar.cab

O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} - http://gryonline.wp.pl/files/tysiac.cab

O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://klass.js.pl/pornusy.exe

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer_147.cab

O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} - http://advnt01.com/dialer/internazionale_ver15.CAB

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?d77783d03d0dd29877970503649e59cfd4c8af7f0a674fecd848165b9620974096fbec58470afeeb130ce9ef163c5925e34ffc609b2bd138bb45195350320dee21478510f7:51bd07fb1b7f6cfe8c482626e79f8d4e

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: License Procedure Messaging (WksPatch) - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing)

prosze o “jak najdokładniejsze wytłumaczenie” co i jak mam usunąć ( np te pornusy:( )

z gory dziękuje.

InfinityToJa · 22 Czerwiec 2006 10:22

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-sear … r1_srchbtn R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-sear … mpl1&find= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.media-search.net/nph-sear … mpl1&find= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-sear … r1_srchbtn R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-sear … mpl1&find= R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-sear … mpl1&find= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-sear … mpl1&find= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.media-search.net/nph-sear … mpl1&find= R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-sea … mpl1&find= R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKCU…\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe 4 - HKLM…\Run: [Media-Search] “C:\Program Files\msnet\v9\msnet.EXE” /H O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://klass.js.pl/pornusy.exe O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} - http://advnt01.com/dialer/internazionale_ver15.CAB O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ … 26e79f8d4e

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery

5.Dajesz nowy log z hjt + log z Silent Runners

Co do neta, użyj lspfix odpal i przenieś biblioteke newedotnet do okienka remove i kliknij finish, lub użyj winsockfix, który naprawi cały łańcuch winsock.

Monika-ka · 23 Czerwiec 2006 06:04

a o to co otrzymałam:

Logfile of HijackThis v1.99.1 Scan saved at 22:08:52, on 2006-06-22 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\PROGRA~1\INCRED~2\bin\IMApp.exe C:\WINDOWS\twain_32\ScanWiz5\SDII.exe C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE C:\Program Files\Creative\ShareDLL\MediaDet.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\System32\cidaemon.exe C:\Documents and Settings\Konto Administratora\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.astercity.net/acc_ssl.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM…\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM…\Run: [PCShield] regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [incrediMail] C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [PCShield] regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll” O4 - HKCU…\Run: [NOMAD Detector] “C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO O4 - HKCU…\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: Player! - {C377C94E-5A4F-11d3-940D-00001CD3D236} - C:\WINDOWS\System32\shdocvw.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O12 - Plugin for .pcg: C:\Program Files\Internet Explorer\Plugins\nppcgplg.dll O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://wilga.acn.pl/wilga/art/tdserver.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex … Loader.cab O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (Miniclip) - http://www.miniclip.com/toolbar/minicliptoolbar.cab O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} - http://gryonline.wp.pl/files/tysiac.cab O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer_147.cab O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

może to tez się przyda:

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :22 czerwca 2006 21:43:52 Created with Ad-aware Personal, free for private use. Using reference-file :1R200 12.07.2003 ______________________________________________________ Ad-aware Settings ========================= Set : Activate in-depth scan (Recommended) Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep scan registry Set : Scan within archives 2006-06-22 21:43:52 - Scan started. (Custom mode) Listing running processes ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ #:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 2006-06-22 19:36:13 BasePriority : Normal #:2 [winlogon.exe] FilePath : ??\C:\WINDOWS\SYSTEM32\ ThreadCreationTime : 2006-06-22 19:36:18 BasePriority : High #:3 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 2006-06-22 19:36:18 BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Us InternalName : services.exe OriginalFilename : services.exe ProductName : System operacyjny Microsoft Created on : 2001-10-26 17:30:02 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-10-26 17:30:02 #:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 2006-06-22 19:36:18 BasePriority : Normal FileSize : 11 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe OriginalFilename : lsass.exe ProductName : Microsoft Created on : 2001-10-26 17:29:56 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-09-20 16:05:32 #:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 2006-06-22 19:36:18 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 2001-10-26 17:30:02 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-10-26 17:30:02 #:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:36:18 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 2001-10-26 17:30:02 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-10-26 17:30:02 #:7 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 2006-06-22 19:36:20 BasePriority : Normal FileSize : 50 KB FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe OriginalFilename : spoolsv.exe ProductName : Microsoft Created on : 2001-10-26 17:30:02 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-10-26 17:30:02 #:8 [nhksrv.exe] FilePath : C:\Program Files\Netropa\Multimedia Keyboard\ ThreadCreationTime : 2006-06-22 19:36:20 BasePriority : Normal FileSize : 28 KB Created on : 2004-04-03 18:22:35 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-08-06 04:41:48 #:9 [cisvc.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:36:20 BasePriority : Normal FileSize : 5 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe OriginalFilename : cisvc.exe ProductName : Microsoft Created on : 2001-10-26 17:29:48 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-10-26 17:29:48 #:10 [ctsvccda.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:36:20 BasePriority : Normal FileSize : 43 KB FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 Copyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE OriginalFilename : CTsvcCDA.EXE ProductName : Creative Service for CDROM Access Created on : 2003-01-14 16:45:36 Last accessed : 2006-06-22 19:36:12 Last modified : 1999-12-13 00:01:00 #:11 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:36:21 BasePriority : Normal FileSize : 60 KB FileVersion : 6.13.10.2980 ProductVersion : 6.13.10.2980 Copyright : © NVIDIA Corporation. All rights reserved. CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 29.80 InternalName : NVSVC OriginalFilename : nvsvc32.exe ProductName : NVIDIA Driver Helper Service, Version 29.80 Created on : 2002-10-16 08:19:01 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-05-24 20:42:00 #:12 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:36:21 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 2001-10-26 17:30:02 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-10-26 17:30:02 #:13 [mspmspsv.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:36:21 BasePriority : Normal FileSize : 52 KB FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 Copyright : Copyright © Microsoft Corp. 1981-2000 CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE OriginalFilename : MSPMSPSV.EXE ProductName : Microsoft ® DRM Created on : 2000-06-26 06:44:20 Last accessed : 2006-06-22 19:36:12 Last modified : 2000-06-26 06:44:20 #:14 [explorer.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 2006-06-22 19:37:33 BasePriority : Normal FileSize : 982 KB FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 CompanyName : Microsoft Corporation FileDescription : Eksplorator Windows InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : System operacyjny Microsoft Created on : 2003-05-29 09:54:32 Last accessed : 2006-06-22 19:37:33 Last modified : 2002-09-20 16:05:24 #:15 [soundman.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 2006-06-22 19:37:34 BasePriority : Normal FileSize : 45 KB FileVersion : 5.0.02 ProductVersion : 5.0.02 Copyright : Copyright © 2001-2002 Avance Logic, Inc. CompanyName : Avance Logic, Inc. FileDescription : Avance Sound Manager InternalName : ALSMTray OriginalFilename : ALSMTray.exe ProductName : Avance Sound Manager Created on : 2002-10-16 08:26:52 Last accessed : 2006-06-22 19:37:34 Last modified : 2002-06-14 09:21:30 #:16 [cthelper.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:37:34 BasePriority : Normal FileSize : 24 KB FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 Copyright : Copyright © 2002 CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper OriginalFilename : CtHelper.EXE ProductName : CtHelper Application Created on : 2003-01-14 16:46:45 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-07-02 09:56:00 #:17 [hpztsb05.exe] FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\ ThreadCreationTime : 2006-06-22 19:37:34 BasePriority : Normal FileSize : 184 KB FileVersion : 2,121,0,0 ProductVersion : 2,121,0,0 Copyright : Copyright © Hewlett-Packard Company 1999-2002 CompanyName : HP ProductName : HP DeskJet Created on : 2003-01-14 21:17:55 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-03-28 09:20:49 #:18 [incd.exe] FilePath : C:\Program Files\Ahead\InCD\ ThreadCreationTime : 2006-06-22 19:37:34 BasePriority : Normal FileSize : 1076 KB FileVersion : 3.39.0 ProductVersion : 3.39.0 Copyright : Copyright © ahead software gmbh and its licensors CompanyName : Copyright © ahead software gmbh and its licensors FileDescription : InCD CD-RW UDF Tools InternalName : InCD OriginalFilename : InCD.EXE ProductName : InCD Created on : 2004-03-17 17:02:51 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-09-12 17:13:18 #:19 [mmkeybd.exe] FilePath : C:\Program Files\Netropa\Multimedia Keyboard\ ThreadCreationTime : 2006-06-22 19:37:34 BasePriority : Normal FileSize : 164 KB FileVersion : 1.00 ProductVersion : 1.00 Copyright : Copyright CompanyName : Netropa Corp. FileDescription : Netropa Hot Key InternalName : Netropa Hot Key OriginalFilename : nhk.exe ProductName : Netropa Hot Key Created on : 2004-04-03 18:22:35 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-07-24 23:45:50 #:20 [amoumain.exe] FilePath : C:\PROGRA~1\A4Tech\Mouse\ ThreadCreationTime : 2006-06-22 19:37:35 BasePriority : Normal FileSize : 144 KB FileVersion : 7.42.0.0 ProductVersion : 7.42.0.0 Copyright : Copyright CompanyName : A4Tech Co.,Ltd. FileDescription : Amoumain InternalName : Amoumain OriginalFilename : Amoumain.exe ProductName : A4Tech iWheelWorks Mouse Driver Created on : 2003-08-09 08:41:41 Last accessed : 2006-06-22 19:37:35 Last modified : 2003-07-17 22:53:16 #:21 [hpqcmon.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\ ThreadCreationTime : 2006-06-22 19:37:35 BasePriority : Normal FileSize : 88 KB FileVersion : 2.0.0.133 ProductVersion : 2.0.0.133 Copyright : Copyright © 2001 FileDescription : HpqCmon MFC Application InternalName : HpqCmon OriginalFilename : HpqCmon.EXE ProductName : HpqCmon Application Created on : 2002-10-06 22:23:20 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-10-06 22:23:20 #:22 [hpgs2wnd.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\ ThreadCreationTime : 2006-06-22 19:37:35 BasePriority : Normal FileSize : 68 KB FileVersion : 2,3,0,0\ ProductVersion : 2,3,0,0\ Copyright : Copyright CompanyName : Hewlett-Packard FileDescription : hpgs2wnd InternalName : hpgs2wnd OriginalFilename : hpgs2wnd.exe ProductName : Hewlett-Packard hpgs2wnd Created on : 2002-04-17 08:42:56 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-04-17 08:42:56 #:23 [ctnotify.exe] FilePath : C:\Program Files\Creative\ShareDLL\ ThreadCreationTime : 2006-06-22 19:37:35 BasePriority : Normal FileSize : 187 KB FileVersion : 2.00.05.0 ProductVersion : 2.0 Copyright : Copyright © Creative Technology Ltd. 2001 CompanyName : Creative Technology Ltd. FileDescription : Disc Detector InternalName : CtNotify OriginalFilename : CtNotify.exe ProductName : Creative Disc Detector Created on : 2003-01-14 16:43:52 Last accessed : 2006-06-22 19:37:35 Last modified : 2001-12-25 18:00:00 #:24 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ThreadCreationTime : 2006-06-22 19:37:35 BasePriority : Normal FileSize : 96 KB FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 CompanyName : Apple Computer, Inc. InternalName : QuickTime Task OriginalFilename : QTTask.exe ProductName : QuickTime Created on : 2005-03-21 10:11:31 Last accessed : 2006-06-22 19:36:12 Last modified : 2005-03-21 10:11:31 #:25 [ctfmon.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 2006-06-22 19:37:35 BasePriority : Normal FileSize : 13 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON OriginalFilename : CTFMON.EXE ProductName : Microsoft Created on : 2001-10-26 17:29:50 Last accessed : 2006-06-22 19:36:12 Last modified : 2002-09-20 16:05:18 #:26 [skype.exe] FilePath : C:\Program Files\Skype\Phone\ ThreadCreationTime : 2006-06-22 19:37:35 BasePriority : Normal FileSize : 12951 KB Created on : 2004-11-23 17:34:16 Last accessed : 2006-06-22 19:36:16 Last modified : 2005-04-19 14:10:34 #:27 [ctnmrun.exe] FilePath : C:\Program Files\Creative\SBLive\PlayCenter2\ ThreadCreationTime : 2006-06-22 19:37:36 BasePriority : Normal FileSize : 18 KB FileVersion : 3.15.3.0 ProductVersion : 3.15.3.0 Copyright : Copyright © Creative Technology Ltd 2001 CompanyName : Creative Technology Ltd. FileDescription : NOMAD Detector InternalName : CTNMRun OriginalFilename : CTNMRun.EXE ProductName : NOMAD Detector Created on : 2003-01-14 16:43:50 Last accessed : 2006-06-22 19:36:16 Last modified : 2002-03-05 02:15:00 #:28 [gg.exe] FilePath : C:\Program Files\Gadu-Gadu\ ThreadCreationTime : 2006-06-22 19:37:36 BasePriority : Normal FileSize : 772 KB FileVersion : 6, 1, 0, 158 ProductVersion : 6, 1, 0, 158 Copyright : Copyright © 1999,2005 sms-express.com CompanyName : sms-express.com FileDescription : Gadu-Gadu - program glowny InternalName : GG OriginalFilename : gg.exe ProductName : Gadu-Gadu Created on : 2005-03-31 09:18:49 Last accessed : 2006-06-22 19:36:16 Last modified : 2005-03-31 09:18:49 #:29 [hpgs2wnf.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\ ThreadCreationTime : 2006-06-22 19:37:36 BasePriority : Normal FileSize : 76 KB FileVersion : 2, 6, 0, ProductVersion : 2, 6, 0, Copyright : Copyright 2001 FileDescription : hpgs2wnf Module InternalName : hpgs2wnf OriginalFilename : hpgs2wnf.EXE ProductName : hpgs2wnf Module Created on : 2002-04-17 08:49:16 Last accessed : 2006-06-22 19:36:16 Last modified : 2002-04-17 08:49:16 #:30 [idman.exe] FilePath : C:\Program Files\Internet Download Manager\ ThreadCreationTime : 2006-06-22 19:37:36 BasePriority : Normal FileSize : 825 KB FileVersion : 5, 0, 2, 14 ProductVersion : 5, 0, 2, 14 Copyright : Copyright © 1999 - 2006 CompanyName : Internet Download Manager Corp., Tonec Inc. FileDescription : Internet Download Manager Application (IDM) InternalName : Internet Download Manager OriginalFilename : IDMan.exe ProductName : Internet Download Manager (IDM) Created on : 2006-04-20 15:03:03 Last accessed : 2006-06-22 19:36:12 Last modified : 2006-04-26 10:06:59 #:31 [imapp.exe] FilePath : C:\PROGRA~1\INCRED~2\bin\ ThreadCreationTime : 2006-06-22 19:37:36 BasePriority : Normal FileSize : 128 KB FileVersion : 2, 5, 0, 1361 ProductVersion : 2, 5, 0, 1361 Copyright : Copyright CompanyName : IncrediMail, Ltd. FileDescription : IncrediMail Application InternalName : IncrediApp OriginalFilename : IMAPP.EXE ProductName : IncrediMail #:32 [sdii.exe] FilePath : C:\WINDOWS\twain_32\ScanWiz5\ ThreadCreationTime : 2006-06-22 19:37:36 BasePriority : Normal FileSize : 308 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright © 2000 FileDescription : SDII MFC Application InternalName : SDII OriginalFilename : SDII.EXE ProductName : SDII Application Created on : 2003-01-15 17:14:10 Last accessed : 2006-06-22 19:36:12 Last modified : 2001-10-03 15:40:44 #:33 [tvrmvcr.exe] FilePath : C:\Program Files\Prolink\PlayTV Pro\ ThreadCreationTime : 2006-06-22 19:37:37 BasePriority : Normal FileSize : 100 KB FileVersion : 4.10 ProductVersion : 4.10.980 Copyright : TelSignal Co., Ltd. CompanyName : TelSignal Co., Ltd. FileDescription : TV/FM/VCR Remote InternalName : TVRMVCR.EXE OriginalFilename : TVRMVCR.EXE ProductName : TelSignal TV/FM Tuner Created on : 2003-01-14 22:41:31 Last accessed : 2006-06-22 19:37:37 Last modified : 2001-11-23 17:50:36 #:34 [mediadet.exe] FilePath : C:\Program Files\Creative\ShareDLL\ ThreadCreationTime : 2006-06-22 19:37:38 BasePriority : Normal FileSize : 163 KB FileVersion : 2.00.07.0 ProductVersion : 2.00 Copyright : Copyright © Creative Technology Ltd. 2001 CompanyName : Creative Technology Ltd. FileDescription : Disc Detector InternalName : MediaDet OriginalFilename : MediaDet.exe ProductName : Creative Disc Detector Created on : 2003-01-14 16:43:52 Last accessed : 2006-06-22 19:36:16 Last modified : 2002-04-29 18:00:00 #:35 [osd.exe] FilePath : C:\Program Files\Netropa\Onscreen Display\ ThreadCreationTime : 2006-06-22 19:37:40 BasePriority : Normal FileSize : 88 KB FileVersion : 2.02 ProductVersion : 2.02 Copyright : Copyright CompanyName : Netropa Corp. FileDescription : Netropa® Onscreen Display InternalName : OSD OriginalFilename : osd.exe ProductName : Onscreen Display Created on : 2004-04-03 18:22:35 Last accessed : 2006-06-22 19:36:16 Last modified : 2001-11-14 02:03:12 #:36 [notepad.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 2006-06-22 19:39:15 BasePriority : Normal FileSize : 65 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Notatnik InternalName : Notepad OriginalFilename : NOTEPAD.EXE ProductName : System operacyjny Microsoft Created on : 2001-10-26 17:29:58 Last accessed : 2006-06-22 19:39:15 Last modified : 2001-10-26 17:29:58 #:37 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-aware 6\ ThreadCreationTime : 2006-06-22 19:43:43 BasePriority : Normal FileSize : 668 KB FileVersion : 6.0.1.181 ProductVersion : 6.0.0.0 Copyright : Copyright CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 2006-06-16 20:00:30 Last accessed : 2006-06-22 19:43:43 Last modified : 2003-07-12 20:00:20 Memory scan result : ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ New objects : 0 Objects found so far: 0 Started registry scan ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ Registry scan result : ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ New objects : 0 Objects found so far: 0 Started deep registry scan ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ Deep registry scan result : ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ New objects : 0 Objects found so far: 0 Deep scanning and examining files (C:) ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ Disk scan result for C:\ ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ New objects : 0 Objects found so far: 0 Deep scanning and examining files (D:) ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ Disk scan result for D:\ ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ New objects : 0 Objects found so far: 0 21:49:12 Scan complete Summary of this scan ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ Total scanning time :00:05:20:719 Objects scanned :115529 Objects identified :0 Objects ignored :0 New objects :0 “Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “IncrediMail” = “C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c” [“IncrediMail, Ltd.”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “PCShield” = “regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll”” [MS] “NOMAD Detector” = ““C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe”” [“Creative Technology Ltd.”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”] “ccleaner” = ““C:\Program Files\CCleaner\ccleaner.exe” /AUTO” [“Piriform Ltd”] “IDMan” = “C:\Program Files\Internet Download Manager\IDMan.exe /onboot” ["Internet Download Manager Corp., Tonec Inc. "] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE NvQTwk,NvCplDaemon initialize” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS] “WINDVDPatch” = “CTHELPER.EXE” [“Creative Technology Ltd”] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “Jet Detection” = ““C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”” [empty string] “CTStartup” = “C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run” [“Creative Technology Ltd.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”] “InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Copyright © ahead software gmbh and its licensors”] “NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “MULTIMEDIA KEYBOARD” = “C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe” [“Netropa Corp.”] “WheelMouse” = “C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” [“A4Tech Co.,Ltd.”] “CamMonitor” = “C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe” [empty string] “Share-to-Web Namespace Daemon” = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [“Hewlett-Packard”] “Disc Detector” = “C:\Program Files\Creative\ShareDLL\CtNotify.exe” [“Creative Technology Ltd.”] “PCShield” = “regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll”” [MS] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0055C089-8582-441B-A0BF-17B458C2A3A8}(Default) = “IDM Helper” -> {HKLM…CLSID} = “IDMIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Internet Download Manager\IDMIECC.dll” [“Internet Download Manager Corp., Tonec Inc.”] {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D}(Default) = (no title provided) -> {HKLM…CLSID} = “Miniclip” \InProcServer32(Default) = “C:\WINDOWS\DOWNLO~1\MINICL~1.DLL” [empty string] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{C56C4E21-706D-11d0-AFC5-444553540002}” = “My Digital Camera” -> {HKLM…CLSID} = “My Digital Camera” \InProcServer32(Default) = “C:\Program Files\Common Files\FotoNation\camview.dll” [“FotoNation Inc.”] “{A4DF5659-0801-4A60-9607-1C48695EFDA9}” = “Folder przesyłania Share-to-Web” -> {HKLM…CLSID} = “Folder przesyłania Share-to-Web” \InProcServer32(Default) = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL” [“Hewlett-Packard”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ “AppInit_DLLs” = (value not set) HKLM\Software\Classes*\shellex\ContextMenuHandlers\ IMMenuShellExt(Default) = “{F8984111-38B6-11D5-8725-0050DA2761C4}” -> {HKLM…CLSID} = “IMMenuShellExt Class” \InProcServer32(Default) = “C:\Program Files\IncrediMail\bin\IMShExt.dll” [“IncrediMail, Ltd.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Konto Administratora\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\ss3dfo.scr” [MS] Startup items in “Konto Administratora” & “All Users” startup folders: ---------------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Microtek Scanner Finder” -> shortcut to: “C:\WINDOWS\twain_32\ScanWiz5\SDII.exe” [empty string] “Remote Controller” -> shortcut to: “C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE” [“TelSignal Co., Ltd.”] Enabled Scheduled Tasks: ------------------------ “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: %SystemRoot%\system32\mswsock.dll [MS], 1 - 8 C:\WINDOWS\System32\idmmbc.dll [null data], 9 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D}” -> {HKLM…CLSID} = “Miniclip” \InProcServer32(Default) = “C:\WINDOWS\DOWNLO~1\MINICL~1.DLL” [empty string] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D}” = (no title provided) -> {HKLM…CLSID} = “Miniclip” \InProcServer32(Default) = “C:\WINDOWS\DOWNLO~1\MINICL~1.DLL” [empty string] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {9FF56D85-DB4F-4267-B669-8D05B0BF9A04}(Default) = (no title provided) -> {HKLM…CLSID} = “Web Offer Bar” \InProcServer32(Default) = “C:\PROGRA~1\TopText\eapbh.dll” [“CliprexWOInt”] {F7384C48-97B6-45DF-A2FA-1D7762D32F9C}(Default) = (no title provided) -> {HKLM…CLSID} = “Web Offer Bar” \InProcServer32(Default) = “C:\PROGRA~1\TopText\eapbh.dll” [“CliprexWOInt”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {C377C94E-5A4F-11D3-940D-00001CD3D236}\ “ButtonText” = “Player!” Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\System32\CTsvcCDA.exe” [“Creative Technology Ltd”] Netropa NHK Server, nhksrv, “C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe” [null data] NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\System32\MsPMSPSv.exe” [MS] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\ “UpperFilters” = INFECTION WARNING! “msikbd2k” [“Netropa Corporation”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt05\Driver = “hpzlnt05.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 58 seconds, including 2 seconds for message boxes)

Po zastosowaniu programów do naprawy internetu, niestety nadal go nie ma. komputer nie widzi połączenia:( . W okenku połączenie widać wychodzące, ale brak odebranego. W okienku IP wyskakuja dwa inne numery, a maska jest takak 255.255.0.0 czy to możłiwe, czy nie powinno sie składac z większej liczby? aha i brak bamy domyślnej, tzn nie ma żadnych cyferek oraz brak preferowanych serwerów,a właściwie to pokazuje ze brak jakiegokolwiek. mam net w aster city, moze to coś pomoze, albo czy mam coś gdzies wpisać:)

Prosze o sprawdzenie tego zestawu dla mnie 'czarnej magii" i ew. w necie. Dzięki;]

MaYsTeR · 23 Czerwiec 2006 07:34

Log z HijackThis ok …

Pobierz program Ewido zrób update i przeskanuj

oraz

Monika-ka · 23 Czerwiec 2006 07:50

Za bardzo nie mam jak zrobic update, bo jak już napisałam nie mam internetu. Widzi modem, wysyła sygnał, nie ma połączenia. Więc co proponujecie, abym miała net? :shock:

MaYsTeR · 23 Czerwiec 2006 07:53

Jeśli masz możliwośc to wklej loga z Silent Runners

zrobiłaś wszystko co napisał InfinityToJa

Monika-ka · 23 Czerwiec 2006 09:13

tak, ale ten program tez nie widzi internetu, kilka razy się restartował i bezskutecznie

a co do Silent Runners tego czy to nie to:

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]

“IncrediMail” = “C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c” [“IncrediMail, Ltd.”]

“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]

“PCShield” = “regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll”” [MS]

“NOMAD Detector” = ““C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe”” [“Creative Technology Ltd.”]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”]

“ccleaner” = ““C:\Program Files\CCleaner\ccleaner.exe” /AUTO” ["Pi**…itd. jeśli to to, to zamieścilam co mi wyskoczyło;] po skanie.**

Monczkin · 23 Czerwiec 2006 09:16

Monika-ka proszę logi i wszelkie komunikatyy umieszczać z znacznikach :evil:

Monika-ka · 23 Czerwiec 2006 10:21

:? jak sie już nauczę to bezzwłocznię tak zacznę robić… :oops:

Bieniol · 23 Czerwiec 2006 16:40

Ten log jest urwany - poczekaj na komunikat, że log skończony - dopiero wtedy wklej go na forum

Monika-ka · 24 Czerwiec 2006 09:15

podałam 3 pełne logi wyrzej, a-awrar`a, hijacka i tego spy-boota. A ten urwany to tylko przykład. Kmputer teraz smiga jak oszalała - tzn bardzo szybko, natomiast gorzej z tym netem. Chciała odinstalować iexplorera, ale nie mogę, cos go blokuje. Komputer nie widzi moje IP. Czy mógł by ktos mi powiedziec jak usunąć iexplorera? :]

Bieniol · 24 Czerwiec 2006 09:21

Jak rozumiem nadal nie działa? Użyłaś narzędzia WinSockFix? Bo wydaje mi się, że łańcuch jest zerwany

Poczytaj tutaj --> http://forum.dobreprogramy.pl/viewtopic … 38d0edf319

Monika-ka · 26 Czerwiec 2006 14:59

Tak uzyłam wszystkich zaleconych programów, nawet po 2-3 razy, a oto ostatnie 2 logi: a internetu ni huhu

Logfile of HijackThis v1.99.1 Scan saved at 22:50:11, on 2006-06-23

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\INCRED~2\bin\IMApp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Documents and Settings\Konto Administratora\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”

O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM…\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM…\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM…\Run: [PCShield] regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll”

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [incrediMail] C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [PCShield] regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll”

O4 - HKCU…\Run: [NOMAD Detector] “C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO

O4 - HKCU…\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe

O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: Player! - {C377C94E-5A4F-11d3-940D-00001CD3D236} - C:\WINDOWS\System32\shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O12 - Plugin for .pcg: C:\Program Files\Internet Explorer\Plugins\nppcgplg.dll

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://wilga.acn.pl/wilga/art/tdserver.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex … Loader.cab

O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - http://www.miniclip.com/toolbar/minicliptoolbar.cab

O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} - http://gryonline.wp.pl/files/tysiac.cab

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer_147.cab

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

" Silent Runners.vbs", revision 46, http://www.silentrunners.org/Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]

“IncrediMail” = “C:\PROGRA~1\INCRED~2\bin\IncMail.exe /c” [“IncrediMail, Ltd.”]

“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]

“PCShield” = “regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll”” [MS]

“NOMAD Detector” = ““C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRun.exe”” [“Creative Technology Ltd.”]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“sms-express.com”]

“ccleaner” = ““C:\Program Files\CCleaner\ccleaner.exe” /AUTO” [“Piriform Ltd”]

“IDMan” = “C:\Program Files\Internet Download Manager\IDMan.exe /onboot” ["Internet Download Manager Corp., Tonec Inc. "]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“NvCplDaemon” = “RUNDLL32.EXE NvQTwk,NvCplDaemon initialize” [MS]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”]

“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS]

“WINDVDPatch” = “CTHELPER.EXE” [“Creative Technology Ltd”]

“UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”]

“Jet Detection” = ““C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”” [empty string]

“CTStartup” = “C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run” [“Creative Technology Ltd.”]

“HPDJ Taskbar Utility” = “C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”]

“NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“MULTIMEDIA KEYBOARD” = “C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe” [“Netropa Corp.”]

“WheelMouse” = “C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” [“A4Tech Co.,Ltd.”]

“CamMonitor” = “C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe” [empty string]

“Share-to-Web Namespace Daemon” = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [“Hewlett-Packard”]

“Disc Detector” = “C:\Program Files\Creative\ShareDLL\CtNotify.exe” [“Creative Technology Ltd.”]

“PCShield” = “regsvr32 /s “C:\WINDOWS\System32\sfg_6dda.dll”” [MS]

“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]

“!ewido” = ““C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized” [“Anti-Malware Development a.s.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}(Default) = “IDM Helper”

-> {HKLM…CLSID} = “IDMIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Internet Download Manager\IDMIECC.dll” [“Internet Download Manager Corp., Tonec Inc.”]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)

-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{C56C4E21-706D-11d0-AFC5-444553540002}” = “My Digital Camera”

-> {HKLM…CLSID} = “My Digital Camera”

\InProcServer32(Default) = “C:\Program Files\Common Files\FotoNation\camview.dll” [“FotoNation Inc.”]

“{A4DF5659-0801-4A60-9607-1C48695EFDA9}” = “Folder przesyłania Share-to-Web”

-> {HKLM…CLSID} = “Folder przesyłania Share-to-Web”

\InProcServer32(Default) = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL” [“Hewlett-Packard”]

“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”

-> {HKLM…CLSID} = “Portable Media Devices”

\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0”

-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

“AppInit_DLLs” = (value not set)

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]

IMMenuShellExt(Default) = “{F8984111-38B6-11D5-8725-0050DA2761C4}”

-> {HKLM…CLSID} = “IMMenuShellExt Class”

\InProcServer32(Default) = “C:\Program Files\IncrediMail\bin\IMShExt.dll” [“IncrediMail, Ltd.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”

-> {HKLM…CLSID} = “CContextScan Object”

\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Konto Administratora\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\ss3dfo.scr” [MS]

Startup items in “Konto Administratora” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]

“Microtek Scanner Finder” -> shortcut to: “C:\WINDOWS\twain_32\ScanWiz5\SDII.exe” [empty string]

“Remote Controller” -> shortcut to: “C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE” [“TelSignal Co., Ltd.”]

Enabled Scheduled Tasks:

“Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”]

Winsock2 Service Provider DLLs:

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:

%SystemRoot%\system32\mswsock.dll [MS], 1 - 8

C:\WINDOWS\System32\idmmbc.dll [null data], 9

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”

-> {HKLM…CLSID} = “Yahoo! Toolbar”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)

-> {HKLM…CLSID} = “Yahoo! Toolbar”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{9FF56D85-DB4F-4267-B669-8D05B0BF9A04}(Default) = (no title provided)

-> {HKLM…CLSID} = “Web Offer Bar”

\InProcServer32(Default) = “C:\PROGRA~1\TopText\eapbh.dll” [“CliprexWOInt”]

{F7384C48-97B6-45DF-A2FA-1D7762D32F9C}(Default) = (no title provided)

-> {HKLM…CLSID} = “Web Offer Bar”

\InProcServer32(Default) = “C:\PROGRA~1\TopText\eapbh.dll” [“CliprexWOInt”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{C377C94E-5A4F-11D3-940D-00001CD3D236}\

“ButtonText” = “Player!”

Running Services (Display Name, Service Name, Path {Service DLL}):

Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\System32\CTsvcCDA.exe” [“Creative Technology Ltd”]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, “C:\Program Files\ewido anti-spyware 4.0\guard.exe” [“Anti-Malware Development a.s.”]

Netropa NHK Server, nhksrv, “C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe” [null data]

NVIDIA Driver Helper Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS]

WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\System32\MsPMSPSv.exe” [MS]

Keyboard Driver Filters:

HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\

“UpperFilters” = INFECTION WARNING! “msikbd2k” [“Netropa Corporation”]

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt05\Driver = “hpzlnt05.dll” [“HP”]

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer “No” at the first message box.

---------- (total run time: 63 seconds, including 5 seconds for message boxes)

MaYsTeR · 26 Czerwiec 2006 15:25

W HijackThis skasuj :

Log ogólnie czysty

Wpis usuń Hijackiem oraz całkowicie zapobiec powstawaniu tego wpisu poprzez:

Panel sterowania --> System --> Zaawansowne --> Uruchamianie i odzyskiwanie

Klikasz Ustawienia i w sekcji Zapisywanie informacji o debugowaniu ustaw opcję na Brak

Start -> Uruchom -> msconfig -> Uruchamianie

Odznacz aplikacje które nie używasz

InfinityToJa · 26 Czerwiec 2006 17:02

W dodaj/usuń odinstaluj TopText, później jeśli będzie skasuj folder C:\PROGRA~1\ TopText

Otwórz notatnik i wklej:

Plik>>>zapisz jako>>zmień rozszerzenie z .txt na wszystkie pliki>>>zapisz pod nazwą FIX.REG i uruchom w trybie awaryjnym